Bug 217906 - security/vuxml: Document multiple security vulnerabilities in hostapd
Summary: security/vuxml: Document multiple security vulnerabilities in hostapd
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Mark Felder
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-19 01:16 UTC by leres
Modified: 2017-03-30 01:48 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
patch (1.40 KB, text/plain)
2017-03-19 01:16 UTC, leres
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description leres 2017-03-19 01:16:45 UTC
Created attachment 180949 [details]
patch

Document multiple vulnerabilities fixed in hostapd 2.6.

Document CVE-2015-5314 and CVE-2016-4476 affecting hostapd versions prior to 2.6.
Comment 1 leres 2017-03-19 01:30:02 UTC
I just submitted PR 217907 which upgrades hostapd to 2.6 and solves the vulnerabilities listed in this PR.
Comment 2 commit-hook freebsd_committer 2017-03-29 19:15:27 UTC
A commit references this bug:

Author: feld
Date: Tue Mar 28 23:19:48 UTC 2017
New revision: 437174
URL: https://svnweb.freebsd.org/changeset/ports/437174

Log:
  Document hostapd vulnerabilities

  PR:		217906

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer 2017-03-30 01:48:12 UTC
A commit references this bug:

Author: junovitch
Date: Thu Mar 30 01:47:42 UTC 2017
New revision: 437264
URL: https://svnweb.freebsd.org/changeset/ports/437264

Log:
  Actually, let's refer to the original entries for these hostapd CVEs

  Reflect CVE-2016-4476 / VID 967b852b-1e28-11e6-8dd3-002590263bf5 in cancelled

  CVE-2015-5314 is in VID 976567f6-05c5-11e6-94fa-002590263bf5

  PR:		217906
  Security:	https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
  Security:	https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml